AWS IAM

json
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "account:ListRegions",
      "autoscaling:DescribeAutoScalingGroups",
      "ce:GetCostAndUsage",
      "cloudformation:DescribeStacks",
      "cloudfront:ListDistributions",
      "cloudtrail:DescribeTrails",
      "cloudwatch:DescribeAlarms",
      "cloudwatch:GetMetricStatistics",
      "ec2:DescribeInstanceTypes",
      "ec2:DescribeInstances",
      "eks:ListClusters",
      "elasticache:DescribeCacheClusters",
      "elasticfilesystem:DescribeFileSystems",
      "elasticloadbalancing:DescribeLoadBalancers",
      "es:ListDomainNames",
      "glacier:ListVaults",
      "health:DescribeEvents",
      "iam:GetUser",
      "iot:ListThings",
      "kinesis:ListStreams",
      "lambda:ListFunctions",
      "pricing:GetProducts",
      "rds:DescribeDBInstances",
      "redshift:DescribeClusters",
      "route53:ListHostedZones",
      "route53domains:ListDomains",
      "s3:ListAllMyBuckets",
      "sagemaker:ListNotebookInstances",
      "ses:ListIdentities",
      "sns:ListTopics",
      "sqs:ListQueues",
      "sts:GetCallerIdentity"
    ],
    "Resource": "*"
  }
}

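Metrum needs limited access to your account to inspect your infrastructure. Every action in the policy above is a read-only List, Describe or Get call; because the statement uses "Resource": "*", those calls apply to all resources of each listed service in the account.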

Future features may require additional permissions, but we follow the best practice of least privilege and will not request them until they are needed.

To link sub-accounts or related accounts, simply add another IAM pair for each one.